From: Ilan Peer
To: hostap@lists.infradead.org
Subject: [PATCH 04/14] tests: Add module tests for PASN PTK derivation
Date: Mon, 24 Feb 2020 11:15:19 +0200
Message-Id: <20200224091529.15259-5-ilan.peer@intel.com>
In-Reply-To: <20200224091529.15259-1-ilan.peer@intel.com>
References: <20200224091529.15259-1-ilan.peer@intel.com>

Based on test vectors taken from Draft P802.11az_D2.0.

Signed-off-by: Ilan Peer
--- src/common/common_module_tests.c | 171 ++++++++++++++++++++++++++++++- 1 file changed, 170 insertions(+), 1 deletion(-) diff --git a/src/common/common_module_tests.c b/src/common/common_module_tests.c index 7694c96b43..1bc8fab503 100644 --- a/src/common/common_module_tests.c +++ b/src/common/common_module_tests.c 
@@ -547,6 +547,174 @@ fail: } +#ifdef CONFIG_PASN +static int pasn_test_pasn_auth(void) +{ + /* Test vector taken from Draft P802.11az_D2.0 section J.12 */ + const u8 pmk[] = { + 0xde, 0xf4, 0x3e, 0x55, 0x67, 0xe0, 0x1c, 0xa6, + 0x64, 0x92, 0x65, 0xf1, 0x9a, 0x29, 0x0e, 0xef, + 0xf8, 0xbd, 0x88, 0x8f, 0x6c, 0x1d, 0x9c, 0xc9, + 0xd1, 0x0f, 0x04, 0xbd, 0x37, 0x8f, 0x3c, 0xad, + }; + + const u8 spa_addr[] = { + 0x00, 0x90, 0x4c, 0x01, 0xc1, 0x07, + }; + const u8 bssid[] = { + 0xc0, 0xff, 0xd4, 0xa8, 0xdb, 0xc1, + }; + const u8 dhss[] = { + 0xf8, 0x7b, 0x20, 0x8e, 0x7e, 0xd2, 0xb7, 0x37, + 0xaf, 0xdb, 0xc2, 0xe1, 0x3e, 0xae, 0x78, 0xda, + 0x30, 0x01, 0x23, 0xd4, 0xd8, 0x4b, 0xa8, 0xb0, + 0xea, 0xfe, 0x90, 0xc4, 0x8c, 0xdf, 0x1f, 0x93, + }; + const u8 kck[] = { + 0x7b, 0xb8, 0x21, 0xac, 0x0a, 0xa5, 0x90, 0x9d, + 0xd6, 0x54, 0xa5, 0x60, 0x65, 0xad, 0x7c, 0x77, + 0xeb, 0x88, 0x9c, 0xbe, 0x29, 0x05, 0xbb, 0xf0, + 0x5a, 0xbb, 0x1e, 0xea, 0xc8, 0x8b, 0xa3, 0x06, + }; + const u8 tk[] = { + 0x67, 0x3e, 0xab, 0x46, 0xb8, 0x32, 0xd5, 0xa8, + 0x0c, 0xbc, 0x02, 0x43, 0x01, 0x6e, 0x20, 0x7e, + }; + const u8 hltk[] = { + 0x2d, 0x0f, 0x0e, 0x82, 0xc7, 0x0d, 0xd2, 0x6b, + 0x79, 0x06, 0x1a, 0x46, 0x81, 0xe8, 0xdb, 0xb2, + 0xea, 0x83, 0xbe, 0xa3, 0x99, 0x84, 0x4b, 0xd5, + 0x89, 0x4e, 0xb3, 0x20, 0xf6, 0x9d, 0x7d, 0xd6, + }; + struct wpa_ptk ptk; + int ret; + + ret = pasn_pmk_to_ptk(pmk, sizeof(pmk), + spa_addr, bssid, + dhss, sizeof(dhss), + &ptk, WPA_KEY_MGMT_PASN, WPA_CIPHER_CCMP, + WPA_HLTK_MAX_LEN); + + if (ret) + return ret; + + if (ptk.kck_len != sizeof(kck) || + os_memcmp(kck, ptk.kck, sizeof(kck))) { + wpa_printf(MSG_ERROR, "PASN: mismatched KCK"); + return -1; + } + + if (ptk.tk_len != sizeof(tk) || os_memcmp(tk, ptk.tk, sizeof(tk))) { + wpa_printf(MSG_ERROR, "PASN: mismatched TK"); + return -1; + } + + if (ptk.hltk_len != sizeof(hltk) || + os_memcmp(hltk, ptk.hltk, sizeof(hltk))) { + wpa_printf(MSG_ERROR, "PASN: mismatched HLTK"); + return -1; + } + + return 0; +} + + +static 
int pasn_test_no_pasn_auth(void) +{ + /* Test vector taken from Draft P802.11az_D2.0 section J.13 */ + const u8 pmk[] = { + 0xde, 0xf4, 0x3e, 0x55, 0x67, 0xe0, 0x1c, 0xa6, + 0x64, 0x92, 0x65, 0xf1, 0x9a, 0x29, 0x0e, 0xef, + 0xf8, 0xbd, 0x88, 0x8f, 0x6c, 0x1d, 0x9c, 0xc9, + 0xd1, 0x0f, 0x04, 0xbd, 0x37, 0x8f, 0x3c, 0xad, + }; + const u8 aa[] = { + 0xc0, 0xff, 0xd4, 0xa8, 0xdb, 0xc1, + }; + const u8 spa[] = { + 0x00, 0x90, 0x4c, 0x01, 0xc1, 0x07, + }; + const u8 anonce[] = { + 0xbe, 0x7a, 0x1c, 0xa2, 0x84, 0x34, 0x7b, 0x5b, + 0xd6, 0x7d, 0xbd, 0x2d, 0xfd, 0xb4, 0xd9, 0x9f, + 0x1a, 0xfa, 0xe0, 0xb8, 0x8b, 0xa1, 0x8e, 0x00, + 0x87, 0x18, 0x41, 0x7e, 0x4b, 0x27, 0xef, 0x5f, + }; + const u8 snonce[] = { + 0x40, 0x4b, 0x01, 0x2f, 0xfb, 0x43, 0xed, 0x0f, + 0xb4, 0x3e, 0xa1, 0xf2, 0x87, 0xc9, 0x1f, 0x25, + 0x06, 0xd2, 0x1b, 0x4a, 0x92, 0xd7, 0x4b, 0x5e, + 0xa5, 0x0c, 0x94, 0x33, 0x50, 0xce, 0x86, 0x71, + }; + const u8 kck[] = { + 0xcd, 0x7b, 0x9e, 0x75, 0x55, 0x36, 0x2d, 0xf0, + 0xb6, 0x35, 0x68, 0x48, 0x4a, 0x81, 0x12, 0xf5, + }; + const u8 kek[] = { + 0x99, 0xca, 0xd3, 0x58, 0x8d, 0xa0, 0xf1, 0xe6, + 0x3f, 0xd1, 0x90, 0x19, 0x10, 0x39, 0xbb, 0x4b, + }; + const u8 tk[] = { + 0x9e, 0x2e, 0x93, 0x77, 0xe7, 0x53, 0x2e, 0x73, + 0x7a, 0x1b, 0xc2, 0x50, 0xfe, 0x19, 0x4a, 0x03, + }; + const u8 hltk[] = { + 0x6c, 0x7f, 0xb9, 0x7c, 0xeb, 0x55, 0xb0, 0x1a, + 0xcf, 0xf0, 0x0f, 0x07, 0x09, 0x42, 0xbd, 0xf5, + 0x29, 0x1f, 0xeb, 0x4b, 0xee, 0x38, 0xe0, 0x36, + 0x5b, 0x25, 0xa2, 0x50, 0xbb, 0x2a, 0xc9, 0xff, + }; + struct wpa_ptk ptk; + int ret; + + ret = wpa_pmk_to_ptk(pmk, sizeof(pmk), + "Pairwise key expansion", + spa, aa, snonce, anonce, + &ptk, WPA_KEY_MGMT_SAE, WPA_CIPHER_CCMP, + NULL, 0, WPA_HLTK_MAX_LEN); + + if (ret) + return ret; + + if (ptk.kck_len != sizeof(kck) || + os_memcmp(kck, ptk.kck, sizeof(kck))) { + wpa_printf(MSG_ERROR, "HLTK no PASN auth: mismatched KCK"); + return -1; + } + + if (ptk.kek_len != sizeof(kek) || + os_memcmp(kek, ptk.kek, sizeof(kek))) { + 
wpa_printf(MSG_ERROR, "HLTK no PASN auth: mismatched KEK"); + return -1; + } + + if (ptk.tk_len != sizeof(tk) || os_memcmp(tk, ptk.tk, sizeof(tk))) { + wpa_printf(MSG_ERROR, "HLTK no PASN auth: mismatched TK"); + return -1; + } + + if (ptk.hltk_len != sizeof(hltk) || + os_memcmp(hltk, ptk.hltk, sizeof(hltk))) { + wpa_printf(MSG_ERROR, "HLTK no PASN auth: mismatched HLTK"); + return -1; + } + + return 0; +} +#endif /* CONFIG_PASN */ + + +static int pasn_tests(void) +{ +#ifdef CONFIG_PASN + if (pasn_test_pasn_auth() || + pasn_test_no_pasn_auth()) + return -1; +#endif /* CONFIG_PASN */ + return 0; +} + + int common_module_tests(void) { int ret = 0; @@ -556,7 +724,8 @@ int common_module_tests(void) if (ieee802_11_parse_tests() < 0 || gas_tests() < 0 || sae_tests() < 0 || - rsn_ie_parse_tests() < 0) + rsn_ie_parse_tests() < 0 || + pasn_tests() < 0) ret = -1; return ret;
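Review bot: In the first hunk (@@ -547), both pasn_test_pasn_auth() and pasn_test_no_pasn_auth() leave through "if (ret) return ret;" without logging, so a failure inside pasn_pmk_to_ptk() or wpa_pmk_to_ptk() cannot be told apart in the log from a test that never ran; add a wpa_printf(MSG_ERROR, ...) on that path, as the mismatch branches already do. The PASN case compares KCK, TK and HLTK but never inspects ptk.kek_len; if the PASN PTK is not meant to carry a KEK, checking that here would catch a derivation that emits extra key material. The pmk and the two MAC addresses are repeated in both functions under different names (spa_addr/bssid in one, spa/aa in the other) and could be shared file-scope constants. Finally, with CONFIG_PASN undefined, pasn_tests() returns 0 without running anything; a debug line there would keep a passing run from being read as coverage.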
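Review bot: In the second hunk (@@ -556), pasn_tests() is appended to the end of the short-circuit || chain in common_module_tests(), so the PASN vectors are not exercised at all when any earlier suite (ieee802_11_parse_tests(), gas_tests(), sae_tests(), rsn_ie_parse_tests()) fails. That follows the existing pattern, but consider calling each suite unconditionally and OR-ing the results into ret, so that one failing suite does not hide the state of the others.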